<?php

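/**
 * Renders the administration area for the current request.
 *
 * Dispatches on $_GET["act"]:
 *   - "userdata": one user's edit form (XML, via getUserData)
 *   - "userlist": the list of all users (XML)
 *   - "update":   saves the profile fields and/or the password (XML)
 *   - "delete":   removes a user, never the admin's own account (XML)
 *   - "addnew":   inserts a placeholder user and returns its tree node (XML)
 *   - anything else, including "page": the admin HTML shell
 * Callers without admin rights ($data["type"] != 2) are redirected to the
 * main page and nothing is printed.
 *
 * Reads the globals $data, $path, $style, $session_id, $header,
 * $default_language and $default_style; normalises $_GET["uid"] in place
 * (getUserData reads it as well); writes through insertRecord(); sends the
 * content-type and no-cache headers and prints the rendered template.
 *
 * Reviewer notes: login, first and last name are still interpolated into
 * SQL because getData()/insertRecord() accept only a raw query string —
 * escape them with the driver's escaping function or move those helpers to
 * prepared statements. Passwords stay unsalted md5 because the login check
 * (outside this file) expects that format; migrate both sides together.
 */
function show_page() {
  global $data, $path, $style, $session_id, $header, $default_language, $default_style;

  if (!isset($data["type"]) || $data["type"] != 2) { //no admin rights
    header("Location: index.php?trg=main&sid=".$session_id);
    return;
  }

  if (!isset($_GET["act"])) $_GET["act"] = "page";
  //user_id is numeric in every query below; forcing it to an integer closes the
  //injection vector for this parameter (kept as a string like the rest of $_GET)
  if (isset($_GET["uid"])) $_GET["uid"] = strval(intval($_GET["uid"]));
  $tpl = $path[$style]["tpl"];
  $repeat_re = "/\%REPEAT\%(.*?)\%REPEAT\%/s";
  $contents = "";

  switch ($_GET["act"]) {
    case "userdata": //one user's data (edit form)
      $contents = getUserData(1, 1, "");
      header($header["xml"]);
      break;

    case "userlist": //list of users
      $contents = file_get_contents($tpl."/users.xml");
      preg_match($repeat_re, $contents, $matches);
      $i_max = getMultData("select * from user order by login;", $usersdata);

      $rep_cont = "";
      for ($i = 0; $i < $i_max; $i++) {
        $u = $usersdata[$i];
        $tmp_cont = str_replace("%USER_ID%", $u["user_id"], $matches[1]);
        $tmp_cont = str_replace("%IMG_TYPE%", "user", $tmp_cont);
        $tmp_cont = str_replace("%USER_NM%", $u["lname"].", ".$u["fname"]." (".$u["login"].")", $tmp_cont);
        $tmp_cont = str_replace("%USER_LN%", "index.php?trg=admin&amp;act=userdata&amp;sid=".
          $session_id."&amp;uid=".$u["user_id"], $tmp_cont);
        $rep_cont .= $tmp_cont;
      }
      $contents = str_replace($matches[0], $rep_cont, $contents);
      header($header["xml"]);
      break;

    case "update": //save profile fields and/or password
      $comment = "";
      if (isset($_GET["uid"]) && isset($_GET["ufname"]) && isset($_GET["ulname"]) &&
          isset($_GET["ulogin"]) && isset($_GET["utype"])) {
        $_GET["ufname"] = utf8Encode($_GET["ufname"]);
        $_GET["ulname"] = utf8Encode($_GET["ulname"]);
        $_GET["ulogin"] = utf8Encode($_GET["ulogin"]);
        //the type is only ever one of the three literal values; strict membership
        //rejects anything else (including "2.5" or " 1") before it reaches SQL
        $utype = $_GET["utype"];
        //another user already owning the requested login makes the update invalid
        $dup_sql = "SELECT * FROM user where user_id <> ".$_GET["uid"].
          " AND login = '".$_GET["ulogin"]."';";
        if ($_GET["ufname"] == "" || $_GET["ulname"] == "" || $_GET["ulogin"] == "" ||
            !in_array($utype, array("0", "1", "2"), true) ||
            getData($dup_sql, $datatmp) > 0) {
          $comment = getMessage("EmptyName");
        } else {
          //login/fname/lname: see the reviewer note in the header — still unescaped
          $sql_str = "UPDATE user SET user.login = '".$_GET["ulogin"].
            "', user.type = '".$utype.
            "', user.fname = '".$_GET["ufname"].
            "', user.lname = '".$_GET["ulname"].
            "' WHERE user.user_id=".$_GET["uid"].";";
          insertRecord($sql_str);
        }
        $contents = getUserData(1, 0, $comment);
      }
      if (isset($_GET["uid"]) && isset($_GET["upass1"]) && isset($_GET["upass2"])) {
        $_GET["upass1"] = utf8Encode($_GET["upass1"]);
        $_GET["upass2"] = utf8Encode($_GET["upass2"]);
        //strict comparison: with "!=" numeric strings such as "1e3" and "1000" compare equal
        if ($_GET["upass1"] == "" || $_GET["upass2"] == "" || $_GET["upass1"] !== $_GET["upass2"]) {
          $comment = getMessage("NewRePWD");
        } else {
          //the md5 hex digest contains no quote characters, so embedding it is safe;
          //the algorithm itself is kept for compatibility with the existing login check
          $sql_str = "UPDATE user SET user.pwd = '".md5($_GET["upass2"]).
            "' WHERE user.user_id=".$_GET["uid"].";";
          insertRecord($sql_str);
        }
        $contents = getUserData(0, 1, $comment);
      }
      header($header["xml"]);
      break;

    case "delete": //remove a user; an admin cannot delete his own account
      $contents = file_get_contents($tpl."/action.xml");
      preg_match($repeat_re, $contents, $matches);
      $uid = isset($_GET["uid"]) ? $_GET["uid"] : "";

      if ($uid !== "" && $uid != $data["user_id"]) {
        insertRecord("DELETE FROM user WHERE user_id=".$uid.";");
        $contents = str_replace("%SCCSS%", "1", $contents);
      } else {
        $contents = str_replace("%SCCSS%", "0", $contents);
      }

      $contents = str_replace($matches[0], "", $contents);
      $contents = str_replace("%ACT_ID%", "Delete", $contents);
      $contents = str_replace("%PARENT%", $uid, $contents);
      header($header["xml"]);
      break;

    case "addnew": //insert a placeholder user and return its tree node
      $contents = file_get_contents($tpl."/action.xml");
      preg_match($repeat_re, $contents, $matches);

      //the session id marks the fresh row so it can be found again right after the insert
      //NOTE(review): $session_id is interpolated into SQL here — confirm it is
      //validated (e.g. restricted to a fixed character set) where the session is resolved
      insertRecord("INSERT INTO user (fname, lname) VALUES('".$session_id."','".$session_id."');");
      $new_id = "0"; //"0" when the row could not be found again
      if (getData("SELECT user_id FROM user where fname = '".$session_id.
          "' AND lname = '".$session_id."';", $datatmp) == 1) {
        $new_id = $datatmp["user_id"];
        $sql_str = "UPDATE user SET user.login = '".getMessage("Login").
          "', user.type = 0, user.fname = '".getMessage("First name").
          "', user.lname = '".getMessage("Last name").
          "', user.style = '".$default_style.
          "', user.lang = ".$default_language.
          " WHERE user.user_id=".$new_id.";";
        insertRecord($sql_str);
        $contents = str_replace("%SCCSS%", "1", $contents);
      } else {
        $contents = str_replace("%SCCSS%", "0", $contents);
      }

      $tmp_cont = str_replace("%NODE_ID%", $new_id, $matches[1]);
      $tmp_cont = str_replace("%NODE_NM%", getMessage("Last name").", ".
        getMessage("First name")." (".getMessage("Login").")", $tmp_cont);
      $tmp_cont = str_replace("%NODE_LN%", "index.php?trg=admin&amp;act=userdata&amp;sid=".
        $session_id."&amp;uid=".$new_id, $tmp_cont);
      $tmp_cont = str_replace("%IMG_TYPE%", "user", $tmp_cont);

      $contents = str_replace($matches[0], $tmp_cont, $contents);
      $contents = str_replace("%ACT_ID%", "Add", $contents);
      $contents = str_replace("%PARENT%", "root", $contents);
      header($header["xml"]);
      break;

    default: //including "page": the admin HTML shell
      $contents = file_get_contents($tpl."/admin.htm");

      $contents = str_replace("%ROOT_CSS%", $path[$style]["css"], $contents);
      $contents = str_replace("%ROOT_IMG%", $path[$style]["img"], $contents);
      $contents = str_replace("%ROOT_JAVA%", $path[$style]["java"], $contents);

      $contents = str_replace("%SID%", $session_id, $contents);
      $contents = str_replace("%TRG%", "admin", $contents);

      $contents = str_replace("%LOGOUT%", getMessage("Logout"), $contents);
      $contents = str_replace("%MAINMENU%", getMessage("Main menu"), $contents);
      $contents = str_replace("%ADMIN%", getMessage("Administrator"), $contents);
      $contents = str_replace("%ADD%", getMessage("Add"), $contents);
      $contents = str_replace("%DEL%", getMessage("Delete"), $contents);
      $contents = str_replace("%LOAD%", getMessage("Loading"), $contents);
      $contents = str_replace("%UNAVAIL%", getMessage("Unavailable"), $contents);
      header($header["html"]);
      break;
  }

  //admin responses must never be served from a cache: they reflect the live DB state
  header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
  header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
  header("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1
  header("Pragma: no-cache");                          // HTTP/1.0
  print($contents);
}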

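/**
 * Builds the "user data" XML for the user named by $_GET["uid"].
 *
 * The template userdata.xml carries three nested repeat blocks:
 * %REPEAT% (one group), %REPDAT% (one node of a group) and %REPOPT%
 * (one option of a select node). Every node is produced by filling the
 * %REPDAT% block, see renderUserDataNode(); the options of the type
 * select come from renderUserDataOption().
 *
 * @param int|bool $showdata     render the profile group (name, login, type)
 * @param int|bool $showpassword render the password-change group
 * @param string   $comment      error text for the groups' label node, "" for none
 * @return string  the filled template
 *
 * Reads the globals $path, $style and $data, and $_GET["uid"], which is
 * forced to an integer before it is used in the query (the column is
 * numeric, so this closes the injection vector for that parameter).
 */
function getUserData($showdata, $showpassword, $comment) {
  global $path, $style, $data;
  $filename = $path[$style]["tpl"]."/userdata.xml";
  $contents = file_get_contents($filename);

  preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);
  preg_match("/\%REPDAT\%(.*?)\%REPDAT\%/s", $matches[1], $datmatches);
  preg_match("/\%REPOPT\%(.*?)\%REPOPT\%/s", $datmatches[1], $optmatches);
  //node template without the option sub-block: used by every node except the select
  $node_tpl = str_replace($optmatches[0], "", $datmatches[1]);
  //the label node of both groups shows the error caption only when there is a comment
  $label_title = ($comment != "") ? getMessage("Error") : "";

  $uid = isset($_GET["uid"]) ? intval($_GET["uid"]) : 0;
  getData("select * from user where user_id=".$uid.";", $userdata);

  $udata = "";
  if ($showdata) {  //User data
    $contents = str_replace("%NAME%", $userdata["lname"].", ".
            $userdata["fname"]." (".$userdata["login"].")", $contents);
    $fname = renderUserDataNode($node_tpl, "Text", "ufname", getMessage("First name"), (string) $userdata["fname"]);
    $lname = renderUserDataNode($node_tpl, "Text", "ulname", getMessage("Last name"), (string) $userdata["lname"]);
    $login = renderUserDataNode($node_tpl, "Text", "ulogin", getMessage("Login"), (string) $userdata["login"]);

    if ($uid == $data["user_id"]) {  //an admin cannot change his own type: hidden field plus read-only label
      $opt1 = renderUserDataNode($node_tpl, "Hidden", "utype", "", (string) $userdata["type"]);
      if ($userdata["type"] == 2) $type_label = getMessage("Admin");
      elseif ($userdata["type"] == 1) $type_label = getMessage("RegUser");
      else $type_label = getMessage("Guest");
      $utype = $opt1.renderUserDataNode($node_tpl, "Label", "", getMessage("Type"), $type_label);
    }
    else {
      $options = renderUserDataOption($optmatches[1], "1", getMessage("RegUser"), $userdata["type"] == 1).
                 renderUserDataOption($optmatches[1], "0", getMessage("Guest"), $userdata["type"] == 0).
                 renderUserDataOption($optmatches[1], "2", getMessage("Admin"), $userdata["type"] == 2);
      //the select node keeps its %VALUE% placeholder (null), as the template expects
      $utype = renderUserDataNode(str_replace($optmatches[0], $options, $datmatches[1]),
                                  "Option", "utype", getMessage("Type"));
    }

    $lablttt = renderUserDataNode($node_tpl, "Label", "", $label_title, $comment);
    //the button value lists the group id and the field names the client submits
    $ubutn = renderUserDataNode($node_tpl, "Button", "ubutn", getMessage("Save"), "'0','ufname','ulname','ulogin','utype'");

    $udata = str_replace($datmatches[0], $fname.$lname.$login.$utype.$lablttt.$ubutn, $matches[1]);
    $udata = str_replace("%GROUP_ID%", "0", $udata);
    $udata = str_replace("%GROUP_TL%", getMessage("User data"), $udata);
  }

  $updata = "";
  if ($showpassword) {  //User password
    $upass1 = renderUserDataNode($node_tpl, "Password", "upass1", getMessage("Password"), "");
    $upass2 = renderUserDataNode($node_tpl, "Password", "upass2", getMessage("RepeatPass"), "");
    $labltt = renderUserDataNode($node_tpl, "Label", "", $label_title, $comment);
    $ubutn2 = renderUserDataNode($node_tpl, "Button", "ubutn2", getMessage("ChangePass"), "'1','upass1','upass2'");

    $updata = str_replace($datmatches[0], $upass1.$upass2.$labltt.$ubutn2, $matches[1]);
    $updata = str_replace("%GROUP_ID%", "1", $updata);
    $updata = str_replace("%GROUP_TL%", getMessage("Password"), $updata);
  }

  return str_replace($matches[0], $udata.$updata, $contents);
}

/**
 * Fills one %REPDAT% node template of userdata.xml.
 *
 * Placeholders are replaced in the order %TYPE%, %NODE_ID%, %NODE_TL%,
 * %VALUE%; %VALUE% is left untouched when $value is null (select node).
 *
 * @param string      $node_tpl the %REPDAT% block, option sub-block already resolved or stripped
 * @param string      $type     node type understood by the template ("Text", "Label", ...)
 * @param string      $id       form field name, "" for nodes without one
 * @param string      $title    caption shown next to the node
 * @param string|null $value    initial value, or null to keep the placeholder
 * @return string
 */
function renderUserDataNode($node_tpl, $type, $id, $title, $value = null) {
  $node = str_replace("%TYPE%", $type, $node_tpl);
  $node = str_replace("%NODE_ID%", $id, $node);
  $node = str_replace("%NODE_TL%", $title, $node);
  if ($value !== null) $node = str_replace("%VALUE%", $value, $node);
  return $node;
}

/**
 * Fills one %REPOPT% option template of the type select in userdata.xml.
 *
 * @param string $opt_tpl  the %REPOPT% block
 * @param string $id       option value
 * @param string $title    option caption
 * @param bool   $selected whether this option is the current one ("selected", else "0")
 * @return string
 */
function renderUserDataOption($opt_tpl, $id, $title, $selected) {
  $opt = str_replace("%OPT_ID%", $id, $opt_tpl);
  $opt = str_replace("%OPT_TL%", $title, $opt);
  return str_replace("%SELECTED%", $selected ? "selected" : "0", $opt);
}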
?>